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DETAILED ACTION 

1 . Claims 1-24 are pending in this office action. 

2. Applicant's arguments, filed December 4, 2007, have been fully considered but 
they are not persuasive. 

Claim Rejections 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC § 103 

4. Claims 1-24 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bovdstun et al. (U.S. Patent No. 6,839,708) in view of Pallante (U.S. Patent Pub. No. 
2003/0028495). 

Regarding claims 1 , 9, 10, and 18 , Bovdstun et al. teaches a programmable 
apparatus/web service architecture/computer readable memory/method for 
authenticating and authorizing a service request sent from a service client to a service 
provider, comprising: 

• A processor (fig. 1 , ref. num 32); 

• A memory (fig. 1 , ref. num 48); 
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• An authorization database in the memory (fig. 2, ref. num 40); 

• A service request filter program in the memory directing the processor to receive 
an incoming service request from the service client on a communication channel 
(col. 7, lines 55-60); 

• Extract a service client identifier from the digital certificate associated with the 
service request (col. 8, lines 17-36); 

• Store the service client identifier in the memory (col. 8, lines 17-36, the identifier 
is stored in memory for later comparison); and 

• Send the service request on the communication channel to a web service 
manager (col. 9, lines 1-6); 

• A service client authentication program in the memory directing the processor to 
responsive to receiving an authentication request from a web service manager, 
match the service client identifier with a service client record in the authorization 
database having the same service client identifier (col. 8, line 60 through col. 9, 
line 12); and 

• Responsive to matching the service client identifier with a record in the 
authorization database, call a service authorization program in the memory (col. 
9, lines 9); 

• Wherein the service authorization program directs the processor to determine if 
the service client identifier associated with the service request is authorized to 
access the service provider; and responsive to determining that the service 
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request is authorized, authorize the service provider to process the request (col. 
9, lines 9-28). 

Boyd stun et al. does not teach the service request having a digital certificate 
attached. 

Pallante teaches the service request having a digital certificate attached 
(paragraph 0065). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine attaching a digital certificate to a service request, as 
taught by Pallante , with the programmable apparatus/web service architecture/computer 
readable memory/method of Bovdstun et al. It would have been obvious for such 
modifications because a digital certificate provides assurance that the person 
requesting service is indeed who they say they are. 

Regarding claims 2, 11, and 19 , Bovdstun et al. as modified by Pallante teaches 
wherein the service request filter program further directs the processor to authenticate 
the digital certificate with the issuing certification authority (see paragraph 0075 of 
Pallante). 
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Regarding claims 3, 12, and 20 , Boydstun et al. as modified by Pallante teaches 
wherein the digital certificate is an X.509 digital certificate (see paragraph 0099 of 
Pallante). 

Regarding claims 4, 13, and 21 , Boydstun et al. as modified by Pallante teaches 
wherein the service client identifier is a Distinguished Name (see paragraph 0099 of 
Pallante). 

Regarding claims 5, 14, and 22 , Boydstun et al. as modified by Pallante teaches 
wherein the digital certificate is self-signed (see paragraph 0062 of Pallante). 

Regarding claims 6. 15. and 23 . Boydstun et al. as modified by Pallante teaches 
further comprising an authorization log (see col. 9, line 64 through col. 10, line 6 of 
Boydstun et al.). 

Regarding claims 7, 16, and 24 , Boydstun et al. as modified by Pallante teaches 
wherein the service client authentication program further records the service client 
identifier in the authorization log (see col. 10, lines 6-17 of Boydstun et al.). 

Regarding claims 8 and 17 , Boydstun et al. as modified by Pallante teaches 
wherein the service authorization program further records the service client identifier 
and service request in the authorization log (see col. 10, lines 6-17 of Boydstun et al.). 
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Response to Arguments 

5. Applicant argues Pallante does not teach the service request having a digital 
signature attached (page 7 of remarks). 

Regarding applicant's argument, examiner disagrees. Column 8, lines 17-36 of 
Boydstun et al., teaches that any type of authentication and authorization can take place 
for restricting access to selected content to authenticated users. The use of certificates, 
as taught by Pallante is one such method for ensuring proper authorization. Replacing 
Boydstun et al. authorization method with the specific authorization method of Pallante 
(using certificates), arrives at the claimed invention. Paragraph 0072-0073 of Pallante 
describe the use of certificates in authorizing users. 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BRANDON S. HOFFMAN whose telephone number is 
(571)272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Examiner, Art Unit 2136 
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